
QoS script for DD-WRT from Alex Rice's blog

  1. #!/bin/ash
  2.  
  3. # Modified to run under DD-WRT
  4. # http://www.morph3ous.net/2009/11/20/beta-hfsc-traffic-shaping-for-qos-on-dd-wrt/
  5. # Further modified by Alex Rice
  6. # http://www.alexrice.co.uk/blog/using-dd-wrt-hfsc-and-l7-protocol-inspection-prioritise-voip-traffic
  7.  
  8. # Go to Administration and then commands
  9. # Paste script in and click on the save firewall button
  10. # Reboot router and test
  11. #
  12. ###### Script originally from
  13. # Maciej Bliziński, http://automatthias.wordpress.com/
  14. #
  15. # References:
  16. # http://www.voip-info.org/wiki/view/QoS+Linux+with+HFSC
  17. # http://www.nslu2-linux.org/wiki/HowTo/EnableTrafficShaping
  18. # http://www.cs.cmu.edu/~hzhang/HFSC/main.html
  19. ######
  20.  
  21. # ***** Basic Configuration *****
  22.  
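  # Specify the uplink as 85 - 90 percent of your actual upload speed in kbps.
  # Must be a whole number: the class rates further down are derived from it
  # with integer shell arithmetic.
  UPLINK=300

  # Device that connects you to the Internet
  DEV=$(nvram get wan_ifname)
  #DEV=vlan1

  # Everything below runs tc and iptables (as root) against $DEV. If nvram
  # returned nothing, stop here rather than issue those commands with no
  # device name.
  # NOTE(review): exit also skips anything saved after this script in the same
  # firewall script; confirm that is acceptable on your router.
  if [ -z "$DEV" ]; then
    echo "QoS: WAN interface name is empty; set DEV manually" >&2
    exit 1
  fi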
  29.  
  30. # ***** Outbound Traffic Configuration *****
  31. # Data can be filtered into four different classes based on destination port, IP address or protocol inspection
  32. # If you don't need to use a particular option just leave it set to "".
  33. #
  34. # Traffic that matches several rules will obey protocol first, port second and IP third; working from highest to lowest priority.
  35. # If you read down the following list, whichever rule matches first is the one that will be obeyed. You can change this by re-ordering
  36. # the lines near the end of this script.
  37. #
  38. # Protocol matching is CPU intensive so use sparingly
  39.  
  # Each class has three space-separated lists: layer7 protocol names,
  # destination ports (single ports or low:high ranges) and IP addresses.
  # Leave a list empty to skip it.
  #
  # Ports are matched on destination port only (see setclassbyport), so any
  # LAN host can place its traffic in a class simply by choosing the port.
  # Treat these classes as scheduling hints, not as policy enforcement.

  # 1:2 Interactive class: SSH, telnet (23), DNS, RDP
  INTERACTIVEPROTOS=''
  INTERACTIVEPORTS='22 23 53 3389'
  INTERACTIVEIPS=''

  # 1:3 Low-latency class: VoIP telephony, video streaming
  VOIPROTOS='skypetoskype skypeout'
  VOIPPORTS='5060:5100 10000:11000 5000:5059 8000:8016 5004 1720 1731'
  VOIPIPS=''

  # 1:4 Browsing class: WWW (the original note also names jabber and IRC,
  # but no ports for them are listed here)
  BROWSINGPROTOS=''
  BROWSINGPORTS='80 443 8080'
  BROWSINGIPS=''

  # 1:6 Lowest-priority class: SMTP, FTP, POP3, IMAP, IMAP/S and high port
  # numbers likely to be P2P. The rules at the end of the script mark this
  # traffic with 6; class 1:5 is the default for unmarked traffic.
  P2PPROTOS=''
  P2PPORTS='110 25 21 143 993 1024:65535'
  P2PIPS=''
  64.  
  65.  
  66. #  *****  Hopefully you won't need to look down here ****
  67.  
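  # Clean up in case the script is being re-run: remove the qdiscs and the
  # THESHAPER chain left behind by a previous run. On a first run none of
  # these exist, so failures are expected and all output is discarded on
  # purpose.
  tc qdisc del dev "$DEV" root >/dev/null 2>&1
  tc qdisc del dev "$DEV" ingress >/dev/null 2>&1

  # Remove the jump from POSTROUTING first: a chain that is still referenced
  # cannot be deleted.
  iptables -t mangle --delete POSTROUTING -o "$DEV" -j THESHAPER >/dev/null 2>&1
  iptables -t mangle --flush THESHAPER >/dev/null 2>&1
  iptables -t mangle --delete-chain THESHAPER >/dev/null 2>&1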
  77.  
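  # Load the l7 (layer7) protocol inspector, which the "-m layer7" rules added
  # by setclassbyproto need. When every *PROTOS list is empty no such rule is
  # created, so the kernel module is not loaded at all.
  if [ -n "${INTERACTIVEPROTOS}${VOIPROTOS}${BROWSINGPROTOS}${P2PPROTOS}" ]; then
    insmod ipt_layer7
  fi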
  80.  
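  # Start setting up QoS.
  # Traffic classes:
  # 1:2 Interactive (SSH, DNS, ACK, Quake)
  # 1:3 Low latency (VoIP)
  # 1:4 Browsing (HTTP, HTTPs)
  # 1:5 Default
  # 1:6 Low priority (p2p, pop3, smtp, etc)
  #
  # Rates are computed with integer arithmetic from UPLINK (kbit), so the
  # results are rounded down; with UPLINK=300 they are 150, 60, 30 and 15 kbit.
  # Every class may borrow up to the full UPLINK ("ul rate").

  # Add the HFSC root qdisc; traffic that no filter claims goes to class 1:5.
  tc qdisc add dev "$DEV" root handle 1: hfsc default 5

  # Main rate-limit class: everything below it shares UPLINK kbit.
  tc class add dev "$DEV" parent 1: classid 1:1 hfsc \
    sc rate "${UPLINK}kbit" ul rate "${UPLINK}kbit"

  # Interactive traffic: 5/10 of UPLINK, umax 1500b / dmax 30ms.
  tc class add dev "$DEV" parent 1:1 classid 1:2 hfsc \
    sc umax 1500b dmax 30ms rate "$((5*$UPLINK/10))kbit" ul rate "${UPLINK}kbit"

  # Low latency: 2/10 of UPLINK, umax 1500b / dmax 75ms.
  tc class add dev "$DEV" parent 1:1 classid 1:3 hfsc \
    sc umax 1500b dmax 75ms rate "$((2*$UPLINK/10))kbit" ul rate "${UPLINK}kbit"

  # Browsing: 1/10 of UPLINK.
  tc class add dev "$DEV" parent 1:1 classid 1:4 hfsc \
    sc rate "$((1*$UPLINK/10))kbit" ul rate "${UPLINK}kbit"

  # Default traffic: 1/20 of UPLINK.
  tc class add dev "$DEV" parent 1:1 classid 1:5 hfsc \
    sc rate "$((1*$UPLINK/20))kbit" ul rate "${UPLINK}kbit"

  # Low priority/Bulk: a fixed 500bit rate, independent of UPLINK.
  tc class add dev "$DEV" parent 1:1 classid 1:6 hfsc \
    sc rate 500bit ul rate "${UPLINK}kbit"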
  111.  
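  # Add the THESHAPER chain to the mangle table in iptables and send every
  # packet leaving through $DEV to it. The jump is inserted at the top of
  # POSTROUTING.
  iptables -t mangle --new-chain THESHAPER
  iptables -t mangle --insert POSTROUTING -o "$DEV" -j THESHAPER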
  116.  
  117. # had to change all iptables rules below to use mark instead of classify. tc filters then pick these up and move to the proper queue
  118. # in the future this should all be done with tc filters as this is somewhat of a hack and there is presumably at least slightly more overhead
  119.  
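  # Put packets marked by iptables in the right queues using tc filters:
  # firewall mark N selects class 1:N for N = 2..6.
  for fwmark in 2 3 4 5 6; do
    tc filter add dev "$DEV" parent 1:0 prio 0 protocol ip \
      handle "$fwmark" fw flowid "1:$fwmark"
  done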
  126.  
  127. ## Note that iptables rules are being appended to the end of the chain. It appears that in the mangle
  128. ## table when using mark, all rules are processed
  129. ## put more specific rules lower down in the script otherwise more general rules below them may
  130. ## re-mark them and cause unexpected behavior
  131. ### UNLESS ##
  132. ## You add another rule with -j RETURN
  133. ## I'm doing this with some rules because I want them to be processed first. It also
  134. ## helps keep the packet statistics cleaner when issuing the iptables -t mangle -L -v command (otherwise some traffic is double-counted)
  135.  
  # Each MARK rule below is followed by a RETURN rule with the same match, so
  # the packet leaves THESHAPER at once and no later rule can re-mark it.

  # Short ACK packets (length up to 64, only ACK set among FIN/SYN/RST/ACK)
  # go to the interactive class; this speeds up downloads while an upload is
  # going on.
  iptables -t mangle -A THESHAPER \
    -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK ACK \
    -m length --length :64 \
    -j MARK --set-mark 2
  iptables -t mangle -A THESHAPER \
    -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK ACK \
    -m length --length :64 \
    -j RETURN

  # Large ICMP packets (length 512 and up) go to the browsing class.
  iptables -t mangle -A THESHAPER \
    -p icmp -m length --length 512: \
    -j MARK --set-mark 4
  iptables -t mangle -A THESHAPER \
    -p icmp -m length --length 512: \
    -j RETURN

  # Remaining ICMP (ip protocol 1) goes to the interactive class. A packet of
  # exactly 512 never gets here: the rule pair above has already returned.
  iptables -t mangle -A THESHAPER \
    -p icmp -m length --length :512 \
    -j MARK --set-mark 2
  iptables -t mangle -A THESHAPER \
    -p icmp -m length --length :512 \
    -j RETURN
  148.  
  149.  
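  # Set the traffic class for one IP address.
  # Appends two MARK rules to THESHAPER: one matching the address as source,
  # one matching it as destination.
  # Arguments: $1 - address, passed to iptables --src / --dst
  #            $2 - firewall mark to set (the tc filters map mark N to class 1:N)
  # Returns:   0 if both rules were added; 1 on a missing argument or if
  #            either iptables call failed
  setclassbyip() {
    # local keeps these out of the caller's namespace; ash supports it.
    local addr mark rc
    addr=$1
    mark=$2
    rc=0

    if [ -z "$addr" ] || [ -z "$mark" ]; then
      echo "setclassbyip: usage: setclassbyip IP CLASS" >&2
      return 1
    fi

    # Both rules are attempted even if the first one fails.
    iptables -t mangle -A THESHAPER --src "$addr" -j MARK --set-mark "$mark" || rc=1
    iptables -t mangle -A THESHAPER --dst "$addr" -j MARK --set-mark "$mark" || rc=1
    return "$rc"
  }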
  157.  
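  # Set the traffic class for one destination port.
  # Appends two MARK rules to THESHAPER, one for UDP and one for TCP.
  # Only the destination port is matched, so the sender decides which class
  # its traffic lands in.
  # Arguments: $1 - port or low:high range, passed to iptables --dport
  #            $2 - firewall mark to set (the tc filters map mark N to class 1:N)
  # Returns:   0 if both rules were added; 1 on a missing argument or if
  #            either iptables call failed
  setclassbyport() {
    # local keeps these out of the caller's namespace; ash supports it.
    local dport mark rc
    dport=$1
    mark=$2
    rc=0

    if [ -z "$dport" ] || [ -z "$mark" ]; then
      echo "setclassbyport: usage: setclassbyport PORT CLASS" >&2
      return 1
    fi

    # Both rules are attempted even if the first one fails.
    iptables -t mangle -A THESHAPER -p udp --dport "$dport" -j MARK --set-mark "$mark" || rc=1
    iptables -t mangle -A THESHAPER -p tcp --dport "$dport" -j MARK --set-mark "$mark" || rc=1
    return "$rc"
  }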
  166.  
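  # Set the traffic class for one layer7 protocol (protocol inspection).
  # Appends one MARK rule to THESHAPER that uses the layer7 match, so the
  # ipt_layer7 module must be loaded before this is called.
  # Arguments: $1 - protocol name, passed to iptables --l7proto
  #            $2 - firewall mark to set (the tc filters map mark N to class 1:N)
  # Returns:   1 on a missing argument, otherwise the status of iptables
  setclassbyproto() {
    # local keeps these out of the caller's namespace; ash supports it.
    local l7name mark
    l7name=$1
    mark=$2

    if [ -z "$l7name" ] || [ -z "$mark" ]; then
      echo "setclassbyproto: usage: setclassbyproto PROTO CLASS" >&2
      return 1
    fi

    iptables -t mangle -A THESHAPER -m layer7 --l7proto "$l7name" -j MARK --set-mark "$mark"
  }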
  173.  
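  # By re-ordering the following groups you can alter which rule has highest
  # priority. The LAST rule has the HIGHEST priority: these MARK rules have no
  # RETURN, so a later match overwrites an earlier mark. Within a group the
  # order is IP, port, protocol, which makes protocol win over port and port
  # over IP.
  #
  # The lists are left unquoted in "for ... in" on purpose: they are
  # space-separated and must be split into words. Each item is quoted when it
  # is passed on.

  # Mark 6: low priority / bulk
  for addr in $P2PIPS; do
    setclassbyip "$addr" 6
  done
  for dport in $P2PPORTS; do
    setclassbyport "$dport" 6
  done
  for l7name in $P2PPROTOS; do
    setclassbyproto "$l7name" 6
  done

  # Mark 4: browsing
  for addr in $BROWSINGIPS; do
    setclassbyip "$addr" 4
  done
  for dport in $BROWSINGPORTS; do
    setclassbyport "$dport" 4
  done
  for l7name in $BROWSINGPROTOS; do
    setclassbyproto "$l7name" 4
  done

  # Mark 3: low latency (VoIP)
  for addr in $VOIPIPS; do
    setclassbyip "$addr" 3
  done
  for dport in $VOIPPORTS; do
    setclassbyport "$dport" 3
  done
  for l7name in $VOIPROTOS; do
    setclassbyproto "$l7name" 3
  done

  # Mark 2: interactive
  for addr in $INTERACTIVEIPS; do
    setclassbyip "$addr" 2
  done
  for dport in $INTERACTIVEPORTS; do
    setclassbyport "$dport" 2
  done
  for l7name in $INTERACTIVEPROTOS; do
    setclassbyproto "$l7name" 2
  done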